| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 15:08:30 +0300
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Hans de Goede <hdegoede@...hat.com>
Cc: Divya Bharathi <divya27392@...il.com>,
Darren Hart <dvhart@...radead.org>,
LKML <linux-kernel@...r.kernel.org>,
Platform Driver <platform-driver-x86@...r.kernel.org>,
Divya Bharathi <divya_bharathi@...l.com>,
mark gross <mgross@...ux.intel.com>,
Mario Limonciello <mario.limonciello@...l.com>,
Prasanth KSR <prasanth.ksr@...l.com>
Subject: Re: [PATCH v3] Introduce support for Systems Management Driver over
WMI for Dell Systems
On Mon, Sep 21, 2020 at 2:38 PM Hans de Goede <hdegoede@...hat.com> wrote:
> On 9/17/20 8:55 AM, Divya Bharathi wrote:
...
> Now I see that you try to correctly deal with strncpy-s nastiness
> everywhere, but please just don't use it all.
> Not using strncpy at all is much better.
>
> A lot of the strncpy usage is hidden in:
>
> strncpy_attr(char *dest, char *src)
> {
> size_t len = strlen(src) + 1;
>
> if (len > 1 && len < MAX_BUFF)
> strncpy(dest, src, len);
> }
>
> Why is there no warning printed when the source string
> is too long ? Now we just quietly throw away the
> data, which seems undesirable.
>
> Also wouldn't truncating the data to fit in MAX_BUFF be better?
> (honest question, I do not know which option is better)
And don't forget new compiler warning if it can prove that string will
be NUL-terminated.
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists